313. "Privacy Isn't Dead Yet," The New York Times, (April 6, 1999), Page A27.
It seems self-evident that information about your shoe size does not need to be as well guarded as information about tests ordered by your doctor. But with the Federal and state governments' piecemeal approach to privacy protection, if we release information about one facet of our lives, we inadvertently expose much about the others.
During Senate hearings in 1987 about Robert Bork's fitness to serve as a Supreme Court justice, a reporter found out which videotapes Mr. Bork rented. The response was the enactment of the Video Privacy Protection Act. Another law prohibits the Social Security Administration (but hardly anybody else) from releasing our Social Security numbers. Still other laws limit what states can do with information that we provide to motor vehicle departments.
Congress is now seeking to add some more panels to this crazy quilt of narrowly drawn privacy laws. The House recently endorsed a bill to prohibit banks and securities and insurance companies owned by the same parent corporation from sharing personal medical information. And Congress is grappling with laws to prevent some information about our mutual-fund holdings from being sold and bought as freely as hot dogs.
But with super powerful computers and vast databases in the private sector, personal information can't be segmented in this manner. For example, in 1996, a man in Los Angeles got himself a store card, which gave him discounts and allowed the store to trace what he purchased. After injuring his knee in the store, he sued for damages. He was then told that if he proceeded with his suit, the store would use the fact that he bought a lot of liquor to show that he must have fallen because he was a drunkard.
Some health insurers try to "cherry pick" their clients, seeking to cover only those who are least likely to have genetic problems or contract costly diseases like AIDS. Some laws prohibit insurers from asking people directly about their sexual orientation. But companies sometimes refuse to insure those whose vocation (designer?), place of residence (Greenwich Village?) and marital status (single at 40-plus?) suggest that they might pose high risks.
Especially comprehensive privacy invaders are "cookies" -- surveillance files that many marketers implant in the personal computers of people who visit their Web sites to allow the marketers to track users' preferences and transactions. Cookies, we are assured, merely inform marketers about our wishes so that advertising can be better directed, sparing us from a flood of junk mail.
Actually, by tracing the steps we take once we gain a new piece of information, cookies reveal not only what we buy (a thong from Victoria's Secret? Antidepressants?) but also how we think. Nineteen eighty-four is here, courtesy of Intel, Microsoft and quite a few other corporations.
All this has led Scott McNealy, the chairman and chief executive of Sun Microsystems, to state, "You already have zero privacy -- get over it." This pronouncement of the death of privacy is premature, but we will be able to keep it alive only if we introduce general, all-encompassing protections over segmented ones.
Some cyberspace anonymity can be provided by new technologies like anti-cookie programs and encryption software that allow us to encrypt all of our data. Corporate self-regulation can also help. I.B.M., for example, said last week that it would pull its advertising from Web sites that don't have clear privacy policies. Other companies like Disney and Kellogg have voluntarily agreed not to collect information about children 12 or younger without the consent of their parents. And some new Government regulation of Internet commerce may soon be required, if only because the European Union is insisting that any personal information about the citizens of its member countries cannot be used without the citizen's consent.
Especially sensitive information should get extra protection. But such selective security can work only if all the other information about a person is not freely accessible elsewhere.